fusioncop / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

ESAPI methods use deprecated constants #257

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
The method resetCSRFToken() in the User class uses
the deprecated constant Encoder.CHAR_ALPHANUMERICS
rather than the preferred EncoderConstants.CHAR_ALPHANUMERICS.

Time to eat our own dog food!

Reported to ESAPI-DEV mailing list by Charles E. Smith.
Thanks Charles.

Original issue reported on code.google.com by kevin.w.wall@gmail.com on 28 Dec 2011 at 10:46

GoogleCodeExporter commented 9 years ago
Some other deprecation warnings that should be addressed:
- User.java line 666:
    csrfToken = ESAPI.randomizer().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
- codecs/VBScriptCodec.java, line 47:
    if (containsCharacter(c, DefaultEncoder.CHAR_ALPHANUMERICS) || containsCharacter(c, immune)) {
- reference/DefaultRandomizer.java, line 112:
    String fn = getRandomString(12, DefaultEncoder.CHAR_ALPHANUMERICS) + "." + extension;
- reference/DefaultUser.java, line 479:
    csrfToken = ESAPI.randomizer().getRandomString(8, DefaultEncoder.CHAR_ALPHANUMERICS);

- Deprecated code in unit tests:
All of these files use the deprecated DefaultEncoder.CHAR_ALPHANUMERICS, 
CHAR_LOWERS, CHAR_SPECIALS, and CHAR_UPPERS defines:

UserTest.java
AuthenticatorTest.java
HTTPUtilitiesTest.java
IntrusionDetectorTest.java
RandomizerTest.java
EncoderTest.java
EncryptorTest.java

Original comment by kevin.w.wall@gmail.com on 29 Dec 2011 at 4:31

GoogleCodeExporter commented 9 years ago
Fixed in r1869.

Original comment by kevin.w.wall@gmail.com on 24 Jun 2012 at 1:10
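
A check for the references listed in this issue, as an added example that is not part of the original thread or the ESAPI code base: it reports `Encoder.CHAR_*` and `DefaultEncoder.CHAR_*` uses in Java source and rewrites them to `EncoderConstants.CHAR_*`, ignoring comments and string literals. The function names and the sample source are constructed for illustration, and it assumes every deprecated constant has a same-named replacement in `EncoderConstants`.

```python
import re

# Deprecated holders named in the issue. Assumption: every CHAR_* constant
# has a same-named replacement in EncoderConstants.
DEPRECATED = re.compile(r"\b(?:Default)?Encoder\.(CHAR_[A-Z_]+)\b")
# Java comments and literals, blanked first so only live code is reported.
SKIP = re.compile(r"""//[^\n]*            # line comment
                    | /\*.*?\*/           # block comment
                    | "(?:\\.|[^"\\\n])*" # string literal
                    | '(?:\\.|[^'\\\n])+' # char literal
                   """, re.S | re.X)

def blank_non_code(source):
    """Overwrite comments/literals with spaces; offsets and line numbers hold."""
    return SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), source)

def find_deprecated(source):
    """Return (line, deprecated reference, suggested replacement) tuples."""
    return [(n, m.group(0), "EncoderConstants." + m.group(1))
            for n, line in enumerate(blank_non_code(source).splitlines(), 1)
            for m in DEPRECATED.finditer(line)]

def migrate(source):
    """Rewrite deprecated references in code; comments and strings stay as-is."""
    out, pos = [], 0
    for m in DEPRECATED.finditer(blank_non_code(source)):
        out += [source[pos:m.start()], "EncoderConstants." + m.group(1)]
        pos = m.end()
    return "".join(out) + source[pos:]

# Constructed sample, modelled on the lines quoted in the issue.
SAMPLE = '''\
// Encoder.CHAR_ALPHANUMERICS used to be referenced here
class Tokens {
    String a = ESAPI.randomizer().getRandomString(8, Encoder.CHAR_ALPHANUMERICS);
    String b = getRandomString(12, DefaultEncoder.CHAR_ALPHANUMERICS) + "." + ext;
    String c = getRandomString(8, EncoderConstants.CHAR_ALPHANUMERICS);
    String d = "DefaultEncoder.CHAR_UPPERS"; /* DefaultEncoder.CHAR_LOWERS */
    char[] e = DefaultEncoder.CHAR_SPECIALS;
}
'''

if __name__ == "__main__":
    for line, old, new in find_deprecated(SAMPLE):
        print(f"line {line}: {old} -> {new}")
    assert find_deprecated(migrate(SAMPLE)) == []
```

The scan only sees qualified references; statically imported or inherited uses of the constants still need the compiler's own warnings (`javac -Xlint:deprecation`), and a rewritten file may need an import for `EncoderConstants`.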